csc 474 -- network securitydiscovery.csc.ncsu.edu/.../slides/t06.2_userauthentication.ppt.pdf · 1...
TRANSCRIPT
11
CSC 474 Dr. Peng Ning 1
Computer Science
CSC 474 -- Network Security
Topic 6.2 User Authentication
CSC 474 Dr. Peng Ning 2
Computer Science
User Authentication Basics
CSC 474 Dr. Peng Ning 3Computer Science
Authentication and Identity
• What is identity?– which characteristics uniquely identifies a person?– do we care if identity is unique?
• Authentication: verify a user’s identity– a supplicant wishes to authenticate– a verifier performs the authentication
• What’s relationship of identity to role, or jobfunction?
22
CSC 474 Dr. Peng Ning 4Computer Science
User Authentication Can Be Based On…
1. What the user knows– passwords, personal information, a key, a credit
card number, etc.2. Where the user is or can be reached
– email address, IP address, …3. Physical characteristics of the user
– fingerprints, voiceprint, signature dynamics, irispattern, DNA, etc.
4. What the user has in their possession– smart card, (physical) key, USB token, …
CSC 474 Dr. Peng Ning 5Computer Science
Based on… (cont’d)
• Which of the above is best? best in whatway?
CSC 474 Dr. Peng Ning 6Computer Science
Crypto-Based Authentication
• Basic idea: user performs a requestedcryptographic operation on a value (achallenge) that the verifier supplies
• Usually based on knowledge of a key (secretkey or private key)
• Examples: RSA, zero knowledge proofs, …• we’ll look at such protocols in more detail next
time
33
CSC 474 Dr. Peng Ning 7Computer Science
Address-Based User Authentication
• Associates identity with network address oremail address– used by many web services
• Several early OS functions and tools workedthis way
• Benefits? Problems?
CSC 474 Dr. Peng Ning 8
Computer Science
Password Authentication
CSC 474 Dr. Peng Ning 9Computer Science
Password-Based User Authentication
• User demonstrates knowledge of a secret valueto authenticate– most common method of user authentication
• Threats to password-based authentication?
challenge
response
44
CSC 474 Dr. Peng Ning 10Computer Science
Some Issues for Password Systems
• A password should be easy to remember buthard to guess– that’s difficult to achieve!
• Some questions– what makes a good password?– where is the password stored, and in what form?– how is knowledge of the password verified?
CSC 474 Dr. Peng Ning 11Computer Science
Password Storage
• Storing unencrypted passwords in a file is high risk– compromising the file system compromises all the stored
passwords• Better idea: use the password to compute a one-way
function (e.g., a hash, an encryption), and store theoutput of the one-way function
• When user inputs the requested password…1. compute its one-way function2. compare with the stored value
CSC 474 Dr. Peng Ning 12Computer Science
Attacks on Passwords
• Suppose passwords could be up to 9 characterslong
• This would produce 1018 possible passwords;320,000 years to try them all at 10 million asecond!
• Unfortunately, not all passwords are equallylikely to be used
55
CSC 474 Dr. Peng Ning 13Computer Science
Example of a Study
• In a sample of over 3000 passwords:– 500 were easily guessed versions of dictionary
words or first name / last name– 86% of passwords were easily guessed
605(lower
case only)
7064774647215Number ofpasswords
654321Length incharacters
CSC 474 Dr. Peng Ning 14Computer Science
Common Password Choices
• Pet names• Common names• Common words• Dates• Variations of above (backwards, append a few
digits, etc.)
CSC 474 Dr. Peng Ning 15Computer Science
Online Dictionary Attacks
• Can statically create a dictionary of all such choices• Guess passwords using a dictionary• Send guesses to verifier for confirmation or refutation
• Effective? Possible defensive techniques?
challenge
response
Dictionary
66
CSC 474 Dr. Peng Ning 16Computer Science
Offline Dictionary Attacks
• Obtain password file with hashed password values• Guess passwords, compute hash, and compare with
values stored in file– much faster than offline attacks!
• Effective? Possible defenses?
challengeresponseDictionary
CSC 474 Dr. Peng Ning 17Computer Science
“Salting” the Password
• Many systems append to each password a randomvalue (salt) before computing the one-way function– value is fixed and unique per user– stored with user’s hash value in the password file
• Increases the effort required for offline dictionaryattacks– each bit of salt doubles the effort required– dictionaries with precomputed hashes of common
passwords will not be useful• Doesn’t increase resistance to online attacks?
CSC 474 Dr. Peng Ning 18Computer Science
Example: Unix Passwords
• Keyed password hashes are stored, with two-character (16 bit) salt prepended– password file is publicly readable
• Users with identical passwords but differentsalt values will have different hash values
77
CSC 474 Dr. Peng Ning 19Computer Science
Password Guidelines For Users
1.Initial passwords are system-generated, have tobe changed by user on first login
2.User must change passwords periodically3.Passwords vulnerable to a dictionary attack are
rejected4.User should not use same password on
multiple sites5.etc. etc.
CSC 474 Dr. Peng Ning 20Computer Science
Other Password Attacks
• Technical– eavesdropping on traffic that may contain
unencrypted passwords (especially keystrokelogging)
– “trojan horse” password entry programs– man-in-the-middle network attack
• “Social”– careless password handling or sharing– phishing
CSC 474 Dr. Peng Ning 21
Computer Science
The S/Key Protocol
88
CSC 474 Dr. Peng Ning 22Computer Science
Using “Disposable” Passwords
• Simple idea: generate a long list of passwords,use each only one time– attacker gains little/no advantage by eavesdropping
on password protocol, or cracking one password• Disadvantages
– storage overhead– users would have to memorize lots of passwords!
• Alternative: the S/Key protocol– based on use of one-way (e.g. hash) function
CSC 474 Dr. Peng Ning 23Computer Science
S/Key Password Generation
1. Alice selects a password x2. Alice specifies n, the number of passwords
to generate3. Alice’s computer then generates a sequence
of passwords– x1 = H(x)– x2 = H(x1)– …– xn = H(xn-1)
x (Password)
x1
H H H H
x2 x3 x4
CSC 474 Dr. Peng Ning 24Computer Science
Generation… (cont’d)
4. Alice communicates (securely) to a server thelast value in the sequence: xn
• Key feature: no one knowing xi can easilyfind an xi-1 such that H(xi-1) = xi– only Alice possesses that information
99
CSC 474 Dr. Peng Ning 25Computer Science
Authentication Using S/Key
• Assuming server is in possession of xi …
i
xi-1
verifies H(xi-1) = xi
AliceServer
Is dictionary attack still possible?
CSC 474 Dr. Peng Ning 26Computer Science
Limitations
• Value of n limits number of passwords– need to periodically regenerate a new chain of
passwords• Does not authenticate server! Example
attack:1. real server sends i to fake server, which is
masquerading as Alice2. fake server sends i to Alice, who responds with xi-
1
3. fake server then presents xi-1 to real server
CSC 474 Dr. Peng Ning 27
Computer Science
Biometrics
1010
CSC 474 Dr. Peng Ning 28Computer Science
Biometrics
• Relies upon physical characteristics of peopleto authenticate them
• Desired qualities1. uniquely identifying2. very difficult to forge / mimic3. highly accurate, does not vary4. easy to scan or collect5. fast to measure / compare6. inexpensive to implement
– Which of these are concerns for passwords?
CSC 474 Dr. Peng Ning 29Computer Science
Assessment
• Convenient for users (e.g., you always haveyour fingerprints, never have to rememberthem), but…– potentially troubling sacrifice of private
information– no technique yet has all the desired properties
CSC 474 Dr. Peng Ning 30Computer Science
Example Biometric Technologies
• Signature / penmanship / typing style• Fingerprints• Palm geometry• Retina scan• Iris scan• Face recognition• Voice recognition
1111
CSC 474 Dr. Peng Ning 31Computer Science
The Scorecard From One Study
CSC 474 Dr. Peng Ning 32Computer Science
Multifactor Authentication
• If one characteristic is pretty good, two ormore characteristics should be better?
• Suppose true positive rate was AND of thetwo, and false positive rate was OR of thetwo…– TP = TP1 * TP2– FP = 1 - (1-FP1)*(1-FP2)
• Alternative: combine a biometric techniquewith passwords
CSC 474 Dr. Peng Ning 33
Computer Science
Authentication Hardware (Tokens)
1212
CSC 474 Dr. Peng Ning 34Computer Science
Tokens
• A token is a physical device that can be interfacedto the computer, and carries identifying information
• Types– passive tokens just store information– active tokens have processors and can perform
cryptographic operations
• Examples– cards with magnetic strips– smart cards– USB storage devices– RFID tags
CSC 474 Dr. Peng Ning 35Computer Science
Design Issues for Tokens
• Cost• Size• Capabilities• Robustness• Resistance to tampering• Usefulness if stolen / lost
CSC 474 Dr. Peng Ning 36Computer Science
An Example:Time Synchronized Tokens
• The token contains:– internal clock– display– a secret key
• Token computes a one-way function of currenttime+key, and displays that– this value changes about once per minute
• User reads this value and types it in to authenticate tothe server– requires that server and token time stays synchronized
1313
CSC 474 Dr. Peng Ning 37Computer Science
Another Example: Alladin eToken
Battery, 5 year lifetimePower source
RSA 1024-bit / 2048-bit*, DES, 3DES, SHA1SecurityAlgorithms
10 yearsData retention
6 charactersLCD
PKCS#11 v2.01, CAPI (Microsoft CryptoAPI), Siemens/Infineon APDU commands,PC/SC, X.509 v3 certificate storage, SSL v3,IPSec/IKE
API / standards
CSC 474 Dr. Peng Ning 38Computer Science
Summary
1. Passwords are by far the most widely usedform of authentication, despite numerousproblems
2. Biometrics hold promise but are expensive,inconvenient, and compromise privacy
3. Two factor authentication is commonly usedfor higher security
4. One-time passwords (S/Key) are attractive,especially if combined with hardware